The problem is due to the HTTP_REFERER field not being transmitted to the site.
This is a security measure since the field is easily spoofed.
However, you can allow it for specific sites. The method depends on which firewall software you're using. For Zone Alarm & eTrust you need to uncheck 'Remove private header info' under Privacy\\3rd party cookies. Symantic have their own instructions - see their website.